Commit d6e08a4

committed

Implement prose tests for $lookup support

As laid out in the spec: mongodb/specifications@527e22d

1 parent 68f176a commit d6e08a4Copy full SHA for d6e08a4

File tree

3 files changed

+374

-2

lines changed

tests
- SpecTests/ClientSideEncryption
  - Prose25_LookupTest.php
- drivers-evergreen-tools
- specifications

3 files changed

+374

-2

lines changed

`‎tests/SpecTests/ClientSideEncryption/Prose25_LookupTest.php`

Lines changed: 372 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,372 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+namespace MongoDB\Tests\SpecTests\ClientSideEncryption;`
	`4`	`+`
	`5`	`+use MongoDB\BSON\Binary;`
	`6`	`+use MongoDB\Client;`
	`7`	`+use PHPUnit\Framework\Attributes\Group;`
	`8`	`+`
	`9`	`+use function base64_decode;`
	`10`	`+use function file_get_contents;`
	`11`	`+`
	`12`	`+/**`
	`13`	`+ * Prose test 25: Test lookup`
	`14`	`+ *`
	`15`	`+ * @see https://github.com/mongodb/specifications/blob/master/source/client-side-encryption/tests/README.md#25-test-lookup`
	`16`	`+ */`
	`17`	`+#[Group('csfle')]`
	`18`	`+class Prose25_LookupTest extends FunctionalTestCase`
	`19`	`+{`
	`20`	`+ private $key1Id;`
	`21`	`+`
	`22`	`+ private const COLL_CSFLE = 'csfle';`
	`23`	`+ private const COLL_CSFLE2 = 'csfle2';`
	`24`	`+ private const COLL_QE = 'qe';`
	`25`	`+ private const COLL_QE2 = 'qe2';`
	`26`	`+ private const COLL_NO_SCHEMA = 'no_schema';`
	`27`	`+ private const COLL_NO_SCHEMA2 = 'no_schema2';`
	`28`	`+`
	`29`	`+ private static string $dataDir = __DIR__ . '/../../specifications/source/client-side-encryption/etc/data/lookup';`
	`30`	`+`
	`31`	`+ public function setUp(): void`
	`32`	`+ {`
	`33`	`+ parent::setUp();`
	`34`	`+`
	`35`	`+ if ($this->isStandalone()) {`
	`36`	`+ $this->markTestSkipped('Lookup tests require replica sets');`
	`37`	`+ }`
	`38`	`+`
	`39`	`+ $this->skipIfServerVersion('<', '7.0.0', 'Lookup encryption tests require MongoDB 7.0 or later');`
	`40`	`+`
	`41`	`+ $key1Document = $this->decodeJson(file_get_contents(self::$dataDir . '/key-doc.json'));`
	`42`	`+ $this->key1Id = $key1Document->_id;`
	`43`	`+`
	`44`	`+ $encryptedClient = $this->getEncryptedClient();`
	`45`	`+`
	`46`	`+ // Drop the key vault collection and insert key1Document with a majority write concern`
	`47`	`+ self::insertKeyVaultData($encryptedClient, [$key1Document]);`
	`48`	`+`
	`49`	`+ $this->refreshCollections($encryptedClient);`
	`50`	`+ }`
	`51`	`+`
	`52`	`+ private function getEncryptedClient(): Client`
	`53`	`+ {`
	`54`	`+ $autoEncryptionOpts = [`
	`55`	`+ 'keyVaultNamespace' => 'keyvault.datakeys',`
	`56`	`+ 'kmsProviders' => ['local' => ['key' => new Binary(base64_decode(self::LOCAL_MASTERKEY))]],`
	`57`	`+ ];`
	`58`	`+`
	`59`	`+ return self::createTestClient(null, [], [`
	`60`	`+ 'autoEncryption' => $autoEncryptionOpts,`
	`61`	`+ /* libmongocrypt caches results from listCollections. Use a new`
	`62`	`+ * client in each test to ensure its encryptedFields is applied. */`
	`63`	`+ 'disableClientPersistence' => true,`
	`64`	`+ ]);`
	`65`	`+ }`
	`66`	`+`
	`67`	`+ private function refreshCollections(Client $client): void`
	`68`	`+ {`
	`69`	`+ $encryptedDb = $client->getDatabase(self::getDatabaseName());`
	`70`	`+ $unencryptedDb = self::createTestClient()->getDatabase(self::getDatabaseName());`
	`71`	`+`
	`72`	`+ $optionsMap = [`
	`73`	`+ self::COLL_CSFLE => [`
	`74`	`+ 'validator' => [`
	`75`	`+ '$jsonSchema' => $this->decodeJson(file_get_contents(self::$dataDir . '/schema-csfle.json')),`
	`76`	`+ ],`
	`77`	`+ ],`
	`78`	`+ self::COLL_CSFLE2 => [`
	`79`	`+ 'validator' => [`
	`80`	`+ '$jsonSchema' => $this->decodeJson(file_get_contents(self::$dataDir . '/schema-csfle2.json')),`
	`81`	`+ ],`
	`82`	`+ ],`
	`83`	`+ self::COLL_QE => [`
	`84`	`+ 'encryptedFields' => $this->decodeJson(file_get_contents(self::$dataDir . '/schema-qe.json')),`
	`85`	`+ ],`
	`86`	`+ self::COLL_QE2 => [`
	`87`	`+ 'encryptedFields' => $this->decodeJson(file_get_contents(self::$dataDir . '/schema-qe2.json')),`
	`88`	`+ ],`
	`89`	`+ self::COLL_NO_SCHEMA => [],`
	`90`	`+ self::COLL_NO_SCHEMA2 => [],`
	`91`	`+ ];`
	`92`	`+`
	`93`	`+ foreach ($optionsMap as $collectionName => $options) {`
	`94`	`+ $encryptedDb->dropCollection($collectionName);`
	`95`	`+ $encryptedDb->createCollection($collectionName, $options);`
	`96`	`+`
	`97`	`+ $collection = $unencryptedDb->getCollection($collectionName);`
	`98`	`+`
	`99`	`+ $result = $encryptedDb->getCollection($collectionName)->insertOne([$collectionName => $collectionName]);`
	`100`	`+`
	`101`	`+ if ($options) {`
	`102`	`+ $document = $collection->findOne(['_id' => $result->getInsertedId()]);`
	`103`	`+ $this->assertInstanceOf(Binary::class, $document->{$collectionName});`
	`104`	`+ }`
	`105`	`+ }`
	`106`	`+ }`
	`107`	`+`
	`108`	`+ private function assertPipelineReturnsSingleDocument(string $collection, array $pipeline, array $expected): void`
	`109`	`+ {`
	`110`	`+ $this->skipIfServerVersion('<', '8.1.0', 'Lookup test case requires server version 8.1.0 or later');`
	`111`	`+ $this->skipIfClientSideEncryptionIsNotSupported();`
	`112`	`+`
	`113`	`+ $cursor = $this`
	`114`	`+ ->getEncryptedClient()`
	`115`	`+ ->getCollection(self::getDatabaseName(), $collection)`
	`116`	`+ ->aggregate($pipeline);`
	`117`	`+`
	`118`	`+ $cursor->rewind();`
	`119`	`+ $this->assertMatchesDocument(`
	`120`	`+ $expected,`
	`121`	`+ $cursor->current(),`
	`122`	`+ );`
	`123`	`+ $this->assertNull($cursor->next());`
	`124`	`+ }`
	`125`	`+`
	`126`	`+ public function testCase1_CsfleJoinsNoSchema(): void`
	`127`	`+ {`
	`128`	`+ $pipeline = [`
	`129`	`+ [`
	`130`	`+ '$match' => ['csfle' => 'csfle'],`
	`131`	`+ ],`
	`132`	`+ [`
	`133`	`+ '$lookup' => [`
	`134`	`+ 'from' => 'no_schema',`
	`135`	`+ 'as' => 'matched',`
	`136`	`+ 'pipeline' => [`
	`137`	`+ [`
	`138`	`+ '$match' => ['no_schema' => 'no_schema'],`
	`139`	`+ ],`
	`140`	`+ [`
	`141`	`+ '$project' => ['_id' => 0],`
	`142`	`+ ],`
	`143`	`+ ],`
	`144`	`+ ],`
	`145`	`+ ],`
	`146`	`+ [`
	`147`	`+ '$project' => ['_id' => 0],`
	`148`	`+ ],`
	`149`	`+ ];`
	`150`	`+ $expected = [`
	`151`	`+ 'csfle' => 'csfle',`
	`152`	`+ 'matched' => [`
	`153`	`+ ['no_schema' => 'no_schema'],`
	`154`	`+ ],`
	`155`	`+ ];`
	`156`	`+`
	`157`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_CSFLE, $pipeline, $expected);`
	`158`	`+ }`
	`159`	`+`
	`160`	`+ public function testCase2_QeJoinsNoSchema(): void`
	`161`	`+ {`
	`162`	`+ $pipeline = [`
	`163`	`+ [`
	`164`	`+ '$match' => ['qe' => 'qe'],`
	`165`	`+ ],`
	`166`	`+ [`
	`167`	`+ '$lookup' => [`
	`168`	`+ 'from' => 'no_schema',`
	`169`	`+ 'as' => 'matched',`
	`170`	`+ 'pipeline' => [`
	`171`	`+ [`
	`172`	`+ '$match' => ['no_schema' => 'no_schema'],`
	`173`	`+ ],`
	`174`	`+ [`
	`175`	`+ '$project' => [`
	`176`	`+ '_id' => 0,`
	`177`	`+ '__safeContent__' => 0,`
	`178`	`+ ],`
	`179`	`+ ],`
	`180`	`+ ],`
	`181`	`+ ],`
	`182`	`+ ],`
	`183`	`+ [`
	`184`	`+ '$project' => [`
	`185`	`+ '_id' => 0,`
	`186`	`+ '__safeContent__' => 0,`
	`187`	`+ ],`
	`188`	`+ ],`
	`189`	`+ ];`
	`190`	`+ $expected = [`
	`191`	`+ 'qe' => 'qe',`
	`192`	`+ 'matched' => [`
	`193`	`+ ['no_schema' => 'no_schema'],`
	`194`	`+ ],`
	`195`	`+ ];`
	`196`	`+`
	`197`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_QE, $pipeline, $expected);`
	`198`	`+ }`
	`199`	`+`
	`200`	`+ public function testCase3_NoSchemaJoinsCsfle(): void`
	`201`	`+ {`
	`202`	`+ $pipeline = [['$match' => ['no_schema' => 'no_schema']],`
	`203`	`+ [`
	`204`	`+ '$lookup' => [`
	`205`	`+ 'from' => 'csfle',`
	`206`	`+ 'as' => 'matched',`
	`207`	`+ 'pipeline' => [`
	`208`	`+ [`
	`209`	`+ '$match' => ['csfle' => 'csfle'],`
	`210`	`+ ],`
	`211`	`+ [`
	`212`	`+ '$project' => ['_id' => 0],`
	`213`	`+ ],`
	`214`	`+ ],`
	`215`	`+ ],`
	`216`	`+ ],`
	`217`	`+ ['$project' => ['_id' => 0]],`
	`218`	`+ ];`
	`219`	`+ $expected = ['no_schema' => 'no_schema', 'matched' => [['csfle' => 'csfle']]];`
	`220`	`+`
	`221`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_NO_SCHEMA, $pipeline, $expected);`
	`222`	`+ }`
	`223`	`+`
	`224`	`+ public function testCase4_NoSchemaJoinsQe(): void`
	`225`	`+ {`
	`226`	`+ $pipeline = [`
	`227`	`+ [`
	`228`	`+ '$match' => ['no_schema' => 'no_schema'],`
	`229`	`+ ],`
	`230`	`+ [`
	`231`	`+ '$lookup' => [`
	`232`	`+ 'from' => 'qe',`
	`233`	`+ 'as' => 'matched',`
	`234`	`+ 'pipeline' => [`
	`235`	`+ [`
	`236`	`+ '$match' => ['qe' => 'qe'],`
	`237`	`+ ],`
	`238`	`+ [`
	`239`	`+ '$project' => [`
	`240`	`+ '_id' => 0,`
	`241`	`+ '__safeContent__' => 0,`
	`242`	`+ ],`
	`243`	`+ ],`
	`244`	`+ ],`
	`245`	`+ ],`
	`246`	`+ ],`
	`247`	`+ [`
	`248`	`+ '$project' => ['_id' => 0],`
	`249`	`+ ],`
	`250`	`+ ];`
	`251`	`+ $expected = [`
	`252`	`+ 'no_schema' => 'no_schema',`
	`253`	`+ 'matched' => [`
	`254`	`+ ['qe' => 'qe'],`
	`255`	`+ ],`
	`256`	`+ ];`
	`257`	`+`
	`258`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_NO_SCHEMA, $pipeline, $expected);`
	`259`	`+ }`
	`260`	`+`
	`261`	`+ public function testCase5_CsfleJoinsCsfle2(): void`
	`262`	`+ {`
	`263`	`+ $pipeline = [`
	`264`	`+ ['$match' => ['csfle' => 'csfle']],`
	`265`	`+ [`
	`266`	`+ '$lookup' => [`
	`267`	`+ 'from' => 'csfle2',`
	`268`	`+ 'as' => 'matched',`
	`269`	`+ 'pipeline' => [`
	`270`	`+ [`
	`271`	`+ '$match' => ['csfle2' => 'csfle2'],`
	`272`	`+ ],`
	`273`	`+ [`
	`274`	`+ '$project' => ['_id' => 0],`
	`275`	`+ ],`
	`276`	`+ ],`
	`277`	`+ ],`
	`278`	`+ ],`
	`279`	`+ ['$project' => ['_id' => 0]],`
	`280`	`+ ];`
	`281`	`+ $expected = ['csfle' => 'csfle', 'matched' => [['csfle2' => 'csfle2']]];`
	`282`	`+`
	`283`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_CSFLE, $pipeline, $expected);`
	`284`	`+ }`
	`285`	`+`
	`286`	`+ public function testCase6_QeJoinsQe2(): void`
	`287`	`+ {`
	`288`	`+ $pipeline = [`
	`289`	`+ ['$match' => ['qe' => 'qe']],`
	`290`	`+ [`
	`291`	`+ '$lookup' => [`
	`292`	`+ 'from' => 'qe2',`
	`293`	`+ 'as' => 'matched',`
	`294`	`+ 'pipeline' => [`
	`295`	`+ [`
	`296`	`+ '$match' => ['qe2' => 'qe2'],`
	`297`	`+ ],`
	`298`	`+ [`
	`299`	`+ '$project' => [`
	`300`	`+ '_id' => 0,`
	`301`	`+ '__safeContent__' => 0,`
	`302`	`+ ],`
	`303`	`+ ],`
	`304`	`+ ],`
	`305`	`+ ],`
	`306`	`+ ],`
	`307`	`+ ['$project' => ['_id' => 0, '__safeContent__' => 0]],`
	`308`	`+ ];`
	`309`	`+ $expected = ['qe' => 'qe', 'matched' => [['qe2' => 'qe2']]];`
	`310`	`+`
	`311`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_QE, $pipeline, $expected);`
	`312`	`+ }`
	`313`	`+`
	`314`	`+ public function testCase7_NoSchemaJoinsNoSchema2(): void`
	`315`	`+ {`
	`316`	`+ $pipeline = [`
	`317`	`+ ['$match' => ['no_schema' => 'no_schema']],`
	`318`	`+ [`
	`319`	`+ '$lookup' => [`
	`320`	`+ 'from' => 'no_schema2',`
	`321`	`+ 'as' => 'matched',`
	`322`	`+ 'pipeline' => [`
	`323`	`+ ['$match' => ['no_schema2' => 'no_schema2']],`
	`324`	`+ ['$project' => ['_id' => 0]],`
	`325`	`+ ],`
	`326`	`+ ],`
	`327`	`+ ],`
	`328`	`+ ['$project' => ['_id' => 0]],`
	`329`	`+ ];`
	`330`	`+ $expected = ['no_schema' => 'no_schema', 'matched' => [['no_schema2' => 'no_schema2']]];`
	`331`	`+`
	`332`	`+ $this->assertPipelineReturnsSingleDocument(self::COLL_NO_SCHEMA, $pipeline, $expected);`
	`333`	`+ }`
	`334`	`+`
	`335`	`+ public function testCase8_CsfleJoinsQeFails(): void`
	`336`	`+ {`
	`337`	`+ $this->skipIfServerVersion('<', '8.1.0', 'Lookup test case requires server version 8.1.0 or later');`
	`338`	`+ $this->skipIfClientSideEncryptionIsNotSupported();`
	`339`	`+`
	`340`	`+ $this->expectExceptionMessage('not supported');`
	`341`	`+`
	`342`	`+ $this->getEncryptedClient()`
	`343`	`+ ->getCollection(self::getDatabaseName(), self::COLL_CSFLE)`
	`344`	`+ ->aggregate([`
	`345`	`+ [`
	`346`	`+ '$match' => ['csfle' => 'qe'],`
	`347`	`+ ],`
	`348`	`+ [`
	`349`	`+ '$lookup' => [`
	`350`	`+ 'from' => 'qe',`
	`351`	`+ 'as' => 'matched',`
	`352`	`+ 'pipeline' => [`
	`353`	`+ [`
	`354`	`+ '$match' => ['qe' => 'qe'],`
	`355`	`+ ],`
	`356`	`+ [`
	`357`	`+ '$project' => ['_id' => 0],`
	`358`	`+ ],`
	`359`	`+ ],`
	`360`	`+ ],`
	`361`	`+ ],`
	`362`	`+ [`
	`363`	`+ '$project' => ['_id' => 0],`
	`364`	`+ ],`
	`365`	`+ ]);`
	`366`	`+ }`
	`367`	`+`
	`368`	`+ public function testCase9_TestErrorWithLessThan8_1(): void`
	`369`	`+ {`
	`370`	`+ $this->markTestSkipped('Depends on PHPC-2616 to determine crypt shared version.');`
	`371`	`+ }`
	`372`	`+}`